Click on ‘View HTTPS Certificate’ to verify the current
configuration of Alternative Names is correct (will need to Regenerate if not).

Click on ‘Download HTTPS Certificate Signing Request’

Image: Downloading
the CSR

Image: HTTPS
Certificate details

Copy the downloaded CSR (called MSOCM1.CSR in this lab)
to a Certification Authority (CA) server (here we have access to a Windows
Server 2008 R2 Domain Controller with ‘Active Directory Certificate Services’
and the ‘Certification Authority’ role installed - there is also Web
Enrollment).

Note: A
standard CA needs a slight modification to enable Subject Alternative Name
(SAN) certs, as detailed previously in this
blog post. From the DOS Command Prompt>

certutil -setreg
policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

net stop "Active
Directory Certificate Services"

net start "Active
Directory Certificate Services"

Run the following command from the DOS Command Prompt to
generate a CER (Certificate file) from the CSR>

Then in a text editor like Notepad++, open up the
MSOCM1.CER file, open up the ROOT_BASE64.CER file, and copy the content from
the ROOT_BASE64.CER file and paste it at the bottom of the MSOCM1.CER
file, and then save that file as MSOCM1.PEM. The PEM file will look something
like the below: